SafetyDetectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

Russian Hackers Are Exploiting This Signal Feature for Spying

Penka Hristovska
Penka Hristovska Former Editor
Published on: February 20, 2025
Penka Hristovska Penka Hristovska Former Editor
Published on: February 20, 2025

Russian threat actors have been running phishing campaigns that take advantage of the “Linked Devices” feature in the privacy-focused Signal messaging app to gain unauthorized access to targeted accounts.

“The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app’s legitimate ‘linked devices’ feature that enables Signal to be used on multiple devices concurrently,” the Google Threat Intelligence Group (GTIG) said in a report.

Signal’s “linked devices” feature allows users to use messaging app across multiple devices simultaneously.

According to the report, APT groups associated with the Kremlin are deceiving users into scanning malicious QR codes hidden in phishing pages or disguised as group invite links. This allows them to secretly add their own device as a linked endpoint to the victim’s Signal account.

Once the connection is established, the attacker can see and mirror every message sent by the user in real-time. This allows the attacker to bypass Signal’s end-to-end encryption without needing to compromise the underlying cryptography.

“Notably, this device-linking concept of operations has proven to be a low-signature form of initial access due to the lack of centralized, technology-driven detections and defenses that can be used to monitor for account compromise via newly linked devices; when successful, there is a high risk that a compromise can go unnoticed for extended periods of time,” the group explains.

If you’re a Signal user and want to protect yourself from this type of attack, you should enable screen lock on all mobile devices using a strong, complex password that includes a mix of uppercase and lowercase letters, numbers, and symbols. You should make sure to install operating system updates as soon as they’re out and always use the latest version of Signal and other messaging apps.

Users in high-risk environments should also consider regularly auditing the ‘Linked devices’ section in Signal’s settings to check for any unauthorized devices connected to their accounts.

About the Author
Penka Hristovska
Penka Hristovska
Former Editor
Published on: February 20, 2025

About the Author

Penka Hristovska is a former editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.